Data Breach at Norton Healthcare After Ransomware Attack 

ALPHV, Data Backup, Data Breach, Employee Training, Norton Healthcare, partition hard drives, Ransomware, , , , , ,
30
Jan 2024

Healthcare data is some of the most sensitive and confidential data to exist in IT systems, so the ransomware attack at Norton Healthcare is a big deal. 

Based in Kentucky, Norton Healthcare is a provider who delivers health services to adults and children in over 40 clinics. Their objective, as with all healthcare providers, is to improve the lives of their patients. However, a recent data breach has done little to inspire a sense of wellness in their patients. The breach, which occurred in May this year but is only just being reported, was part of a ransomware attack. Norton Healthcare’s network was breached for two days, but there appeared to be no evidence that their medical record system had been accessed. 

Nonetheless, healthcare data should always be secure, and breaches in local networks represent a major cause for concern. 

The Norton Healthcare Attack 

The exact nature of the attack has, at present, not been released. But we do know what the impact of the breach was. After discovering that an attack was taking place, Norton was forced into turning its network off, the last thing a healthcare provider wants to do. As the attack was unfolding, Norton received, in a novel twist, a faxed ransom note featuring threats and demands. Later that month, a ransomware group known as ALPHV claimed responsibility for the attack. 

ALPHV released a statement to the dark web which claimed that they had managed to compromise 4.7TB worth of data from Norton Healthcare’s servers. As proof, ALPHV uploaded numerous files – containing patients’ bank statements and Social Security numbers – to backup their claims. Norton’s official line is that only some network storage devices were breached, and these only contained identifying information rather than any medical data. 

How Can Healthcare Providers Protect Themselves?

With more and more healthcare providers coming under attack from threat actors, it’s important that they understand how to minimize their risk. In fact, these lessons are valuable for any business running an IT network, so it’s time to find out how. So, to stay safe from ransomware attacks, make sure you follow this best guidance: 

  • Regular backups: it’s vital that you perform regular backups of your data to ensure, if it becomes encrypted by ransomware, you still have access to it. Ideally, these backups should be completed daily at the very least, and they should always be saved to secure locations. It’s important to keep copies of your backups offline as well, this will allow you to access your data even if you need to take your network down. 
     
  • Partition your hard drives: to minimize the impact of a breach, it’s a good idea to partition you hard drives and data storage. By separating these from your main network, and from each other, you’re limiting the files and data that malware can access. This minimizes the risk of data loss and allows you to keep important systems online. 
     
  • Employee training: educating your staff about the dangers of social engineering and phishing emails is one of the most important steps you can take. Ransomware, such as the strain encountered by Norton Healthcare, is often spread through emails and your employees need to be able to identify these threats before clicking on them. 

For more ways to secure and optimize your business technology, contact your local IT professionals. 

Read More

Hello XD Ransomware is no Laughing Matter

Data Backup, Hello XD, Ophtek, Phishing, Ransomware, Russian Hacker, , , , ,
14
Jun 2022

The Hello XD ransomware was first spotted in the digital wild back in November 2021, but recent research indicates that it’s becoming more virulent.

There’s no such as ‘good’ ransomware, but it’s not unreasonable to describe Hello XD as ‘disastrous’ due to its enhanced capabilities. Whereas, previously, Hello XD focused its efforts on the standard ransomware practice of encrypting files, its evolved form now includes a backdoor feature. This enhanced functionality allows the transfer of data from infected PCs to external sources. Combined with its ransomware feature, this new form of Hello XD represents a huge security risk.

Ransomware is a highly problematic attack, and it’s one which your organization needs to avoid at all costs. Hello XD is the latest in a long line of ransomware attacks and, as ever, it could save you a fortune by understanding how it operates.

Hello XD Steps Up Its Game

Spread through various phishing techniques, Hello XD operates in the following manner once it arrives on a PC:

  • Hello XD’s first step is to disable shadow copy capabilities, this means that system snapshots cannot be saved or accessed. System recovery, therefore, can’t be used to counter the impact of Hello XD.
  • The infected system’s hard drive is then encrypted by Hello XD, all files are encrypted with a .hello extension and rendered inaccessible.

Clearly, Hello XD packs a powerful punch and has the capability to bring your organizations IT operations to a halt. It is believed that Hello XD has been designed by X4K, a Russian-speaking hacker who has been advertising his wares on various hacking forums. It’s also likely that X4K will enhance Hello XD’s capabilities even further for future attacks, so it’s crucial you remain alert.

How Do You Say Goodbye to Hello XD?

The best way to avoid falling victim to Hello XD is by practicing the following:

  • Understand phishing techniques: Hello XD, and many other forms of ransomware, use phishing strategies such as mass emails to snare their victims. Emails, for example, which instill a sense of urgency over financial matters can be used to encourage users to open malicious attachments. However, if your employees understand the tell-tale signs of social engineering, they will be better placed to avoid falling victim to phishing attacks.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Use the 3-2-1 Backup Method to Protect Your Data

Backup, Backup and Recovery, Backup Strategies, Data Backup, Data Storage, Ophtek, , , , ,
28
Jan 2020

Hardware can easily become compromised, stolen or damaged. And this can leave you without crucial data. But the 3-2-1 backup method is here to help.

Data disasters are most often caused by hardware failure, human error or cyber-attacks. Regardless of the cause, your organization needs a good backup strategy in place. You need to be able to retrieve your data in the event of an emergency. Without a backup strategy you will struggle to recover and this will have a major impact on your productivity. And that’s why the 3-2-1 backup method has proved to be so popular with businesses.

Data protection has never been more important that today, so we’re going to take a look at how the 3-2-1 backup method can protect your data.

What is the 3-2-1 Backup Method?

The principle behind the 3-2-1 backup method lies in its name:

Let’s take a closer look at each part of the method to help you understand the thinking behind it:

  • Keeping at Least 3 Copies of Your Data: To keep just one backup copy of your data is careless. Say, for example, your data is compromised by ransomware. An option would be to retrieve your backup data from an external hard drive. But what if you discover this device has been damaged in some way? You need an alternative solution. And this could be accessing a USB drive or connecting to a cloud storage solution. The minimum number of copies you should keep is three, but there’s no maximum. You can keep three, five or fifty. 
  • Keeping 2 of these Copies on Local Devices: Onsite backups are essential for keeping your productivity in place. Data disasters are unpredictable and can have an instant impact. Therefore, you need to make sure that you have your backup data close to hand. This approach will allow you to quickly implement any compromised data and establish normal working practices. Again, it’s important to have more than one local backup available to safeguard against any technical issues. 
  • Keeping at Least 1 Copy Offsite: If you want to reap the benefits of a complete backup strategy you need to keep one copy offsite. Advances in cloud computing mean that it’s easier than ever to store data offsite. And this can pay dividends in the case of a local disaster. If, for example, you are hit by a hurricane or a flood, all your local backups could be damaged. It doesn’t matter if you’ve got three or three hundred. But if you keep at least one copy in the cloud you are ensuring comprehensive data protection is in place. 

Final Thoughts 

A good backup strategy is vital in protecting your data in the event of a data disaster. And it pays to be comprehensive in the manner in which you protect your data. The 3-2-1 backup method is the perfect way in which to achieve this.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

7 Tips for Keeping Your Sensitive Data Secure

Cloud Storage, Data Backup, Data Security, Ophtek, Password Security, Security, Updates, USB Flash Drives, , ,
13
Aug 2019

Data will always be one of the cornerstones of your business. But keeping this data secure in the 21st century is a big ask. So, how do you protect it?

A staggering amount of data is created every single day and your business will contribute to this with each order placed, every service request logged and all the mailing lists you create. Data such as this is sensitive and needs to be protected. If personal details are compromised then they can be used for fraudulent purposes. Your customers need to trust your organization to handle and protect their data correctly. But in a world full of hackers, malware and social engineering it can feel like an uphill struggle.

However, you can make a significant difference to your data protection. And it doesn’t have to be difficult. In fact, you can elevate the security of your data quickly and effectively. All you have to do is follow our 7 tips for keeping your sensitive data secure.

  1. Use Cloud Storage

Individual PCs can become compromised by security breaches. And this means that the data stored on this hardware is up for grabs. But if this data is stored remotely it’s securer and less likely to be stolen. The perfect way to achieve this is by investing in remote cloud storage.

  1. Never Display Passwords

Passwords should never be displayed e.g. written on a Post-It note stuck to your monitor. Hackers don’t have to be external figures, they can easily be an internal threat. Therefore, create passwords which you can remember easily and don’t need to have visible reminders for.

  1. Make Sure Deleted Files are Overwritten

A deleted file isn’t necessarily deleted. And a hacker who knows what they’re doing can easily retrieve those files you thought were deleted for all eternity. But if these deleted files are overwritten enough times then you can make it impossible to retrieve them from your hard drive.

  1. Always Encrypt USB Sticks

USB sticks are useful for carrying around large amounts of data in a small space, but their small size means they’re easy to lose. Therefore, you should always ensure that data on these devices is encrypted and password protected.

  1. Install Anti-Malware Protection

You can never take enough precautions when it comes to data security, so anti-malware software should always form part of your strategy. Malware operates stealthily and can steal your data at a rapid pace. But with anti-malware protection in place you can reduce the risk of malware getting a foothold in your system.

  1. Always Install Updates

PC software and hardware is prone to security vulnerabilities. And these vulnerabilities give hackers the opportunity to access your systems and your data. Installing all updates at the earliest opportunity helps you to avoid having your systems and data compromised.

  1. Destroy Old Hard Drives

Technology advances at a rapid pace and PC hardware can soon become obsolete in the face of newer, faster technology. Hard drives are a case in point. But you need to make sure old hard drives are disposed of correctly. They contain a lot of data, so need to be thoroughly cleaned and then shredded to prevent any sensitive data being made available to external sources.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

What Can the Cloud Do for Your Business?

Backup, Backup Strategies, Cloud, Cloud Backup, Cloud Storage, Data Backup, data recovery, Data Storage, Ophtek, , , ,
16
Jul 2019

 

Around 77% of businesses work with cloud computing in at least one respect. Clearly it’s an important tool, but what can the cloud do for your business?

Cloud computing has been steadily transforming the way we work for the last decade. And it’s crucial that your business gets on board. We live in competitive times and even the tiniest of edges can have a significant impact on performance. But what can you use the cloud for? And how can it transform your business? These are good questions and ones that you need to know the answers to.

To help you understand how you can harness the power of the cloud we’re going to demonstrate what it can do.

How Can You Use the Cloud?

Despite the complexities behind the infrastructure, cloud computing is a relatively simple concept. The cloud is a digital infrastructure which is available to multiple users over the internet. It’s your existing physical network, but transcribed into binary code. And, thanks to the possibilities of the internet, it can be connected to from anywhere in the world.

Cloud computing has been a revolution in business computing. It’s a methodology which brings a seemingly endless series of benefits to its users. And who wouldn’t want to sign up to that? But what exactly can the cloud do for you? Let’s take a look:

  • Remote Working: Physical space within organizations is a valuable commodity. However, employees take up a lot of physical space. And this can lead to a lack of space for stock and equipment. But the flexibility offered by the cloud solves this problem. As long as an employee has an internet connection they can connect to your infrastructure from wherever they way. This setup grants you the opportunity to maximize the space you have and offer more flexible working conditions to your employees. 
  • Data Storage: A lot of data is currently stored in the cloud and this amount is set to skyrocket over the next few years. It’s a modern phenomenon of data storage and one that is vastly different to past methods. Previously the norm had been to archive endless optical media and record data to huge hard drives. While this provided an immediate source of data for organizations it was all rather fiddly and bulky. Cloud computing consigns this to the past. And it does this by allowing you to store huge amounts of data in remote data centers which is instantly accessible. 
  • Shared Data: We’ve all experienced the pain of a lengthy download time. But now there’s no need to be frustrated. The cloud has seriously updated data sharing for the 21st Now you can back your data up to hard drives on the cloud and provide instant access to whoever needs it. All you need to do is send them a link and the data will be readily available. And, without having to sit through an agonizingly slow download, the recipient can become more productive. 

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2